CVE-2014-0214

Moodle <2.3.11-2.6.3 - Info Disclosure

Title source: llm

Description

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

References (3)

Scores

EPSS 0.0047
EPSS Percentile 64.1%

Classification

CWE
CWE-287
Status draft

Affected Products (50)

moodle/moodle < 2.3.11
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 35 more

Timeline

Published May 27, 2014
Tracked Since Feb 18, 2026